# How To Configure NPS and Active Directory For Dynamic Radius based Vlan assignment [https://community.cambiumnetworks.com/t/how-to-configure-nps-and-active-directory-for-dynamic-radius-based-vlan-assignment/55086](https://community.cambiumnetworks.com/t/how-to-configure-nps-and-active-directory-for-dynamic-radius-based-vlan-assignment/55086) This document is to describe the steps to configure NPS(network policy servicer)server with below use case - Vlans need to be assigned based on different Radius group i.e Sales group to Vlan 10 Account group to Vlan 20. Steps:- 1. Open Active directory Users and Computers. Right click on Users .Create a new group.
[![1.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/8/87d02a9fa9633e72d2c51efaed29bd76ee5023dd_2_690x388.png "1.png")
1.png1152×648 76.1 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/8/87d02a9fa9633e72d2c51efaed29bd76ee5023dd.png "1.png")
2. Give group name Vlan10(User is free to use any name)
[![2.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/3/32c2e828a4348e761913a118de8140cfc4212927_2_690x388.png "2.png")
2.png1152×648 63.3 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/3/32c2e828a4348e761913a118de8140cfc4212927.png "2.png")
3\. Like these create as many groups required. Make the group part of Domain Users by clicking on Member of tab and then click on add.
[![3.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/2/200695f0cdaf81f500c1991ad6a8b7995d493ef1.png "3.png")
3.png1152×648 3.99 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/2/200695f0cdaf81f500c1991ad6a8b7995d493ef1.png "3.png")
4\. Add AD user. Click on Users and right click. Select New users. Give name xyz(User chosen)
[![4.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/6/63cef10a88a93d610d6e4d69abcf3a81862b0ff2_2_690x388.png "4.png")
4.png1152×648 60.4 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/6/63cef10a88a93d610d6e4d69abcf3a81862b0ff2.png "4.png")
5\. Give Username as xyz and click on OK
[![5.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/a/a4ba1ae32922a27df33ef7cb219edfb638c7d0f2_2_690x388.png "5.png")
5.png1152×648 67.3 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/a/a4ba1ae32922a27df33ef7cb219edfb638c7d0f2.png "5.png")
6\. Click on properties of the created user xyz and click on Dial In tab. Select Allow access and then press OK.
[![6.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/5/524a61b8e229a5dc2a37934489dec6c0e1dc0c33_2_690x388.png "6.png")
6.png1152×648 37.4 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/5/524a61b8e229a5dc2a37934489dec6c0e1dc0c33.png "6.png")
7\. Click on Member Of tab. Add domain users and the radius group by clicking on Add button
[![7.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/9/9ea5a25cdf43e46770d45a0f39e1d9d38c52b2c2_2_690x388.png "7.png")
7.png1152×648 29.5 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/9/9ea5a25cdf43e46770d45a0f39e1d9d38c52b2c2.png "7.png")
Adding group
[![8.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/4/4246cd91a058acb075813a38a4bb120b0812b8cf.png "8.png")
8.png1152×648 3.94 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/4/4246cd91a058acb075813a38a4bb120b0812b8cf.png "8.png")
Adding domain users
[![9.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/2/200695f0cdaf81f500c1991ad6a8b7995d493ef1.png "9.png")
9.png1152×648 3.99 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/2/200695f0cdaf81f500c1991ad6a8b7995d493ef1.png "9.png")
8.Press Ok . Now the user is part of the domain user and group . **Configuring NPS server** ================================== 9.Click on Network Policy and click on New
[![10.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/7/7fcbc261570281159adabb904147be78e9a35ad1_2_690x388.png "10.png")
10.png1152×648 50.5 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/7/7fcbc261570281159adabb904147be78e9a35ad1.png "10.png")
10\. Give policy name such as Vlan10\_policy.Click on Next
[![11.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/1/10442e88a4849440809e3a6cd3b5961ecb03b725_2_690x388.png "11.png")
11.png1152×648 55.7 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/1/10442e88a4849440809e3a6cd3b5961ecb03b725.png "11.png")
11\. Click on Add button.
[![12.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/9/9bbb820d5750552fbaab5b63eb2c536fde2713e0_2_690x388.png "12.png")
12.png1152×648 34.4 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/9/9bbb820d5750552fbaab5b63eb2c536fde2713e0.png "12.png")
12\. Select User Groups and click on Add.
[![13.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/c/c0fc09db647514e83ada95d6681cc30b3168b4f0_2_690x388.png "13.png")
13.png1152×648 57.9 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/c/c0fc09db647514e83ada95d6681cc30b3168b4f0.png "13.png")
13\. Adding user group .Click on Add Groups
[![14.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/c/c5c8823a40f77756380738606948988070084c3c.png "14.png")
14.png1152×648 3.04 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/c/c5c8823a40f77756380738606948988070084c3c.png "14.png")
14\. Click on Add Groups and add the configured AD group , in this example Vlan10.Click on OK
[![15.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/8/8dd44f3ce251335e46bb27cb094bab67854edf29.png "15.png")
15.png1152×648 3.73 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/8/8dd44f3ce251335e46bb27cb094bab67854edf29.png "15.png")
15\. Add another condition in Network policy that is Nas port type
[![16.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/5/50d87f92439ee7e26c3c572457f616b4f5252f6d_2_690x388.png "16.png")
16.png1152×648 62.4 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/5/50d87f92439ee7e26c3c572457f616b4f5252f6d.png "16.png")
16\. Select Nas port type and then add. Select Wireless –IEEE 802.11
[![17.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/c/cf19ef35e0ab4397d1988e64d656a2100e00adb2.png "17.png")
17.png1152×648 5.52 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/c/cf19ef35e0ab4397d1988e64d656a2100e00adb2.png "17.png")
17\. Now Both the conditions are added.
[![18.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/2/210601262cdd67946b76d056bef9eca581dcd05b_2_690x388.png "18.png")
18.png1152×648 53.8 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/2/210601262cdd67946b76d056bef9eca581dcd05b.png "18.png")
19\. Click on constraints and select EAP methods that you want to be supported.
[![19.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/4/423a4900bbea693576e9bf0c9c7a491f74c12290_2_690x388.png "19.png")
19.png1152×648 76.5 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/4/423a4900bbea693576e9bf0c9c7a491f74c12290.png "19.png")
20. Now click on Settings tab
[![20.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/5/517933c533d0019a853e2e3938c9c2511379adc7_2_690x388.png "20.png")
20.png1152×648 77.1 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/5/517933c533d0019a853e2e3938c9c2511379adc7.png "20.png")
20\. Click on Add button.Add three attributes Select Tunnel-Pvt-Group-ID,Tunnel-Medium-Type,Tunnel-Type Select Tunnel-Pvt-Group-ID
[![21.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/2/2e9d72bd0ad473582f466ade1e0e93f792300a6b.png "21.png")
21.png1152×648 5.52 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/2/2e9d72bd0ad473582f466ade1e0e93f792300a6b.png "21.png")
21\. Click on Add . Then click on Add
[![22.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/0/0800173d9c060cb25b1d1d89a0715f2a8c357428.png "22.png")
22.png1152×648 4 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/0/0800173d9c060cb25b1d1d89a0715f2a8c357428.png "22.png")
22\. Select String radio button under “Enter the attribute value in ”.Configure the vlan ID that you want to configure and click OK.
[![23.png](https://d1okf4ta8xniw3.cloudfront.net/original/2X/b/bde1072d506a286c53f403cf526df22d4968af88.png "23.png")
23.png1152×648 3.75 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/b/bde1072d506a286c53f403cf526df22d4968af88.png "23.png")
23\. This way add Tunnel-Medium-Type and Tunnel-Type attributes as 802(includes all 802 media plus Ethernet Calonical Format) and Tunnel-Type as Vlan
[![26.png](https://d1okf4ta8xniw3.cloudfront.net/optimized/2X/6/6672754c0afa744fc86719130fa826c756013428_2_690x388.png "26.png")
26.png1152×648 43.7 KB
](https://d1okf4ta8xniw3.cloudfront.net/original/2X/6/6672754c0afa744fc86719130fa826c756013428.png "26.png")